aif-plan
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design. It is instructed to read and prioritize rules from project-level files such as .ai-factory/DESCRIPTION.md, .ai-factory/ARCHITECTURE.md, and specifically .ai-factory/skill-context/aif-plan/SKILL.md.
  - Ingestion points: The skill pulls implementation requirements and behavioral overrides from several project files, including config.yaml and roadmap artifacts.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat content from these external files as untrusted or to ignore embedded natural language instructions.
  - Capability inventory: The skill possesses significant capabilities that could be misused if the input files are compromised, including shell command execution for git and filesystem operations (Bash), and the ability to define tasks for subsequent execution via TaskCreate and subagents.
  - Sanitization: The instructions do not mandate validation or sanitization of the content extracted from the project artifacts before it is used to influence the agent's logic.
Audit Metadata